1 Answer

In HIPAA terminology, gap analysis refers to procedures necessary to map security requirements to a medical organization's existing security infrastructure. In other words, auditors analyze regulatory guidelines and compare them with corporate security systems, verifying whether these systems abide by the act.

Remediation is an important item on an audit checklist for HIPAA. Auditors rely on HHS directives to ensure that an organization has adequate resources in place to remedy potential security breaches. State-of-the-art technological tools are integral to remediation procedures. These tools include customer relationship management software, enterprise resource planning applications, process re-engineering software and defect-tracking software.

If you’re going to be HIPAA compliant (https://www.netsec.news/hipaa-compliance-checklist/), you should be able to pass each and every one of these hurdles in case of an audit. This may seem like a daunting task, but an experienced HIPAA consultant can guide you through the process. Depending on the size of your organization this can be a variably difficult as HIPAA is an intentionally vague law that is meant to be applied to a variety of entities.

The other way this question could be interpreted is reference an audit of compliance program already in place. The purpose of such an audit would be to check that you are complying with policies and procedures already in place to an acceptable extent. The bureau of Indian Health Services (IHS) publishes a cursory list, but again, a trained professional would be able to find answers that are right for your company.